(Bloomberg) — Hackers may have breached a database with information on 1.1 million customers of CareFirst BlueCross BlueShield, a health insurer operating in Maryland, Virginia and the District of Columbia.
The breach happened last June, when hackers targeted a database that contained information customers used to log on to CareFirst’s website, the not-for-profit health insurer said in a statement Wednesday.
They may have obtained names, birth dates, e-mail addresses and subscriber identification numbers, the insurer said. The database didn’t have passwords, Social Security numbers, credit card information or medical records.
CareFirst said a review by the security firm Mandiant Corp. didn’t find evidence of any other breaches.
Hackers are increasingly targeting medical information, in particular from health insurers, which can offer a wealth of data including health, financial and identity information.
In February, the health insurer Anthem Inc. (NYSE:ANTM) said hackers accessed data on about 80 million people. In March, Premera Blue Cross, which operates in the northwestern U.S., said information on 11 million people may have been exposed.